Documentation
¶
Overview ¶
Package decryption is the client.Policies.Decryption namespace.
Normalized object: Entry
Index ¶
- Constants
- func RulesMatch(a, b Entry) bool
- type Entry
- type Firewall
- func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error)
- func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
- func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, ...) error
- func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error)
- func (c *Firewall) Delete(vsys string, e ...interface{}) error
- func (c *Firewall) Edit(vsys string, e Entry) error
- func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error)
- func (c *Firewall) Get(vsys, name string) (Entry, error)
- func (c *Firewall) GetAll(vsys string) ([]Entry, error)
- func (c *Firewall) GetList(vsys string) ([]string, error)
- func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error)
- func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error
- func (c *Firewall) Set(vsys string, e ...Entry) error
- func (c *Firewall) SetAuditComment(vsys, rule, comment string) error
- func (c *Firewall) Show(vsys, name string) (Entry, error)
- func (c *Firewall) ShowAll(vsys string) ([]Entry, error)
- func (c *Firewall) ShowList(vsys string) ([]string, error)
- type Panorama
- func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error)
- func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
- func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, ...) error
- func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error)
- func (c *Panorama) Delete(dg, base string, e ...interface{}) error
- func (c *Panorama) Edit(dg, base string, e Entry) error
- func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error)
- func (c *Panorama) Get(dg, base, name string) (Entry, error)
- func (c *Panorama) GetAll(dg, base string) ([]Entry, error)
- func (c *Panorama) GetList(dg, base string) ([]string, error)
- func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error
- func (c *Panorama) Set(dg, base string, e ...Entry) error
- func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error
- func (c *Panorama) Show(dg, base, name string) (Entry, error)
- func (c *Panorama) ShowAll(dg, base string) ([]Entry, error)
- func (c *Panorama) ShowList(dg, base string) ([]string, error)
Constants ¶
const ( ActionNoDecrypt = "no-decrypt" ActionDecrypt = "decrypt" ActionDecryptAndForward = "decrypt-and-forward" )
Valid Action values.
Decrypt and forward is PAN-OS 8.1+.
const ( DecryptionTypeSslForwardProxy = "ssl-forward-proxy" DecryptionTypeSshProxy = "ssh-proxy" DecryptionTypeSslInboundInspection = "ssl-inbound-inspection" )
Valid DecryptionType values.
Variables ¶
This section is empty.
Functions ¶
func RulesMatch ¶
Types ¶
type Entry ¶
type Entry struct {
Name string
Description string
SourceZones []string // unordered
SourceAddresses []string // unordered
NegateSource bool
SourceUsers []string // unordered
DestinationZones []string // unordered
DestinationAddresses []string // unordered
NegateDestination bool
Tags []string // ordered
Disabled bool
Services []string // unordered
UrlCategories []string
Action string
DecryptionType string
SslCertificate string
DecryptionProfile string
Targets map[string][]string
NegateTarget bool
ForwardingProfile string // PAN-OS 8.1+
Uuid string // PAN-OS 9.0+
GroupTag string // PAN-OS 9.0+
SourceHips []string // PAN-OS 10.0+
DestinationHips []string // PAN-OS 10.0+
LogSuccessfulTlsHandshakes bool // PAN-OS 10.0+
LogFailedTlsHandshakes bool // PAN-OS 10.0+
LogSetting string // PAN-OS 10.0+
SslCertificates []string // PAN-OS 10.2+, unordered
}
Entry is a normalized, version independent representation of a decryption rule.
Targets is a map where the key is the serial number of the target device and the value is a list of specific vsys on that device. The list of vsys is nil if all vsys on that device should be included or if the device is a virtual firewall (and thus only has vsys1).
type Firewall ¶
type Firewall struct {
// contains filtered or unexported fields
}
Firewall is the client.Policies.PolicyBasedForwarding namespace.
func FirewallNamespace ¶
func FirewallNamespace(client util.XapiClient) *Firewall
FirewallNamespace returns an initialized namespace.
func (*Firewall) AllFromPanosConfig ¶
AllFromPanosConfig retrieves all objects stored in the retrieved config.
func (*Firewall) AuditCommentHistory ¶
func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
AuditCommentHistory returns a chunk of historical audit comment logs.
func (*Firewall) ConfigureRules ¶
func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error
ConfigureRules configures the given rules on PAN-OS.
It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.
Audit comments are applied only for rules which are either SET or EDIT'ed.
If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.
Params move and oRule are for moving the group into place after configuration.
Any rule name that appears in prevRules but not in the rules param will be deleted.
func (*Firewall) CurrentAuditComment ¶
CurrentAuditComment returns the current audit comment.
func (*Firewall) Delete ¶
Delete performs DELETE to remove the specified objects.
Objects can be either a string or an Entry object.
func (*Firewall) FromPanosConfig ¶
FromPanosConfig retrieves the object stored in the retrieved config.
func (*Firewall) HitCount ¶
HitCount gets the rule hit count for the given rules.
If the rules param is nil, then the hit count for all rules is returned.
func (*Firewall) MoveGroup ¶
MoveGroup moves a logical group of rules somewhere in relation to another rule.
The `movement` param should be one of the Move constants in the util package.
The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.
func (*Firewall) SetAuditComment ¶
SetAuditComment sets the audit comment for the given rule.
type Panorama ¶
type Panorama struct {
// contains filtered or unexported fields
}
Panorama is the client.Policies.Security namespace.
The "dg" param in these functions is the device group.
The "base" param in these functions should be one of the rulebase constants in the "util" package.
func PanoramaNamespace ¶
func PanoramaNamespace(client util.XapiClient) *Panorama
PanoramaNamespace returns an initialized namespace.
func (*Panorama) AllFromPanosConfig ¶
AllFromPanosConfig retrieves all objects stored in the retrieved config.
func (*Panorama) AuditCommentHistory ¶
func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
AuditCommentHistory returns a chunk of historical audit comment logs.
func (*Panorama) ConfigureRules ¶
func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error
ConfigureRules configures the given rules on PAN-OS.
It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.
Audit comments are applied only for rules which are either SET or EDIT'ed.
If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.
Params move and oRule are for moving the group into place after configuration.
Any rule name that appears in prevRules but not in the rules param will be deleted.
func (*Panorama) CurrentAuditComment ¶
CurrentAuditComment returns the current audit comment.
func (*Panorama) Delete ¶
Delete removes the given objects.
Objects can be a string or an Entry object.
func (*Panorama) FromPanosConfig ¶
FromPanosConfig retrieves the object stored in the retrieved config.
func (*Panorama) MoveGroup ¶
MoveGroup moves a logical group of rules somewhere in relation to another rule.
The `movement` param should be one of the Move constants in the util package.
The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.
func (*Panorama) SetAuditComment ¶
SetAuditComment sets the audit comment for the given rule.
Source Files